b'Evaluation of FDIC\xe2\x80\x99s Unix Systems Security\n\n(Report No. 04-008, February 13, 2004)\n\nSummary\n\nThis report presents the results of an evaluation by IBM Business Consulting Services (IBM), an\nindependent professional services firm engaged by the Office of Inspector General (OIG) to\nsupport its efforts to satisfy reporting requirements related to the Federal Information Security\nManagement Act of 2002.\n\nThe scope of the evaluation was specifically designed to focus on Unix security policies,\nstandards, and procedures; configuration management; and technical controls.\n\nIBM found a number of good security practices being applied in the Unix system environment,\nbut identified improvements that could be made. Most significantly, IBM recommended that\nadministration of the Unix servers be centralized to improve the consistency and uniformity of\nsecurity controls and practices applied to the servers.\n\nRecommendations\n\nIBM made multiple recommendations to improve Unix security at the FDIC.\n\nManagement Response\n\nThe FDIC\xe2\x80\x99s response adequately addressed all the conditions discussed in the report.\n\nThis report addresses issues associated with information security. Accordingly, we have not\nmade, nor do we intend to make, public release of the specific contents of the report.\n\x0c'